Wednesday, December 17, 2008

Microsoft is rushing out a software update for its Internet Explorer web browser, after security experts warned that millions of computer users could have their PCs ‘hijacked’ by hackers.

The security ‘patch’, which will be made available later today, will close the loophole in Internet Explorer 7 that enables cyber criminals to gain access to a PC by directing users to infected websites. According to security firm Trend Micro, around 10,000 websites, mostly in China, have already been affected, and there is potential for malicious hackers elsewhere in the world to take advantage of the flaw.

“When the patch is released, people should run, not walk, to get it installed,” said Paul Ferguson, a researcher with Trend Micro. “This vulnerability is being actively exploited by cyber criminals and getting worse every day.”

It is estimated that about 0.2 per cent of Internet Explorer users had already visited one of the websites designed to exploit the security flaw. Internet Explorer is used by around 70 per cent of web users, meaning that millions of people could potentially be targeted by hackers.

Microsoft said a team of engineers had been working “around the clock” to fix the loophole.

“Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much,” said John Curran, head of Microsoft’s Windows commercial business group in the UK. “Any type of infection is going to see a large number of people affected by it.”

It is thought that the security flaw was exposed by accident, after a Chinese security firm, Knowsec, released details of the loophole, believing Microsoft had already issued a software fix to resolve it.

As a result, the websites corrupted by the hackers are mostly Chinese, and have been programmed to steal passwords for computer games, which can be sold for money on the black market. Researchers at Trend Micro have warned, however, that cyber criminals elsewhere will be quick to capitalise on the flaw.

Security experts have recommended that Internet Explorer users install a different web browser, such as Firefox or Google Chrome, until the Microsoft patch is available.